Auth0 Home Blog Docs

No access_token in the returned user profile from Salesforce



I meet problem when trying to get access_token from Salesforce. The user profile returned from endpoint, doesn’t have access_token info, following is the identities field. identities:

  "isSocial": true,
  "provider": "salesforce",
  "user_id": "00590000002pYgSAAU",
  "connection": "salesforce"

Following is what I have done

  1. I have created one app in the Salesforce side, and configured the callback to

  2. The scope for user_idp_tokens is also configured, following is the result from Get all client grants API

    “id”: “cgr_HfcBYrsbfhgjLPmn”,
    “client_id”: “6ESZfohmaJ8Z5xk5iCBtSh8FgNtn6hRQ”,
    “audience”: “”,
    “scope”: “read:users”, “read:connections”, “read:user_idp_tokens”]

  3. I also tried endpoint,, the “user_id” is get from step 1. However, the response is:

    “statusCode”: 400,
    “error”: “Bad Request”,
    “message”: “Object didn’t pass validation for format user-id: 00590000002pYgSAAU”,
    “errorCode”: “invalid_uri”


Let me answer the question myself, to get access token from socal provider, e.g. salesforce in my case, I should use url https://{domain}/{user_id}.
For salesforce, the user_id should use “salesforce|00590000002pYgSAAU” rather than “00590000002pYgSAAU” and this part of url should be encoded. As a result, my previous third step has problem.


Hi All, for any operation it sends
{“statusCode”:400,“error”:“Bad Request”,“message”:“Object didn’t pass validation for format user-id: 59d957e570bcc74d810d8a4f”,“errorCode”:“invalid_uri”}


For any operation it sends
{"statusCode":400,"error":"Bad Request","message":"Object didn't pass validation for format user-id: 59d957e570bcc74d810d8a4f","errorCode":"invalid_uri"}


Have you checked the details of the answer provided by @lcheng_nj ? It described that the cause for that error was the fact that an incomplete user identifier was being provided (missing a prefix).


I also tried with prefix, but it doesn’t recognize as well. What does it mean encoded, using what ? auth0|599c259e34126e181686e457 - tired this one
By the way, why change password is not included in Java client library ?


I do not know of any concrete reason behind the lack of change password in the Java library, likely it’s just not yet been added. In relation to the identifier encoded was to refer that the value is passed in the URL so it needs to be URL-encoded. You can use an online encoder such as this one.


Add it to the documentation. There is no info that says encode it.